Protocol to Prevent Replay Attacks on Secured Wireless Transactions

ABSTRACT

A method and system for preventing replay attacks on secure data transactions. A replay attack occurs when an unauthorized user intercepts a secure data transaction between a device and a central system and uses the intercepted data to gain access to the central system. One method for preventing such replay attacks is the use of a unique session identification number that is generated for each secure data transaction request. A replay attack using intercepted data is defeated since the unique session identification number is valid only for a completed session and may not be reused. When a device is connected to a server using either a wireless or a land-line connection, the device requests a session identification number from the server. The server generates and signals to the device a unique session identification number, which the device then transmits back to the server along with a request for a secure data transaction. Upon verification of the correct unique session identification number, the server implements the requested data transaction. Termination of the requested transaction by the device signals the termination of the current secure data transaction. A new unique session identification number must be requested and issued in like fashion for any additional secure data transactions. The method and system offer the advantage of use with multiple available servers, in contrast to present methods which require that a device communicate with a given server. Further, the present method offers reduced operation time since there is a single coupling/uncoupling for each data transaction.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to the field of portable devices such as personal digital assistants or palmtop computer systems. More specifically, embodiments of the present invention relate to wireless communication using a portable computer system and a second (“host”) computer system.

2. Related Art

As the components required to build a computer system have reduced in size, new categories of electronic devices and computer systems have emerged. One of the new categories of computer systems is the “palmtop” computer system. A palmtop computer system is a computer that is small enough to be held in the hand of a user and can therefore be “palm-sized.” Most palmtop computer systems are used to implement various Personal Information Management (PIM) applications such as an address book, a daily organizer (calendar, datebook, etc.) and electronic notepads, to name a few. Palmtop computers with PIM software have been known as Personal Digital Assistants (PDAs). Many PDAs have a small and flat display screen associated therewith.

User convenience and device value are very important factors for portable electronic devices. Typically, portable electronic devices are employed while the user is on the run, e.g., in business meetings, on business travel, personal travel, in a vehicle, on foot, etc. Because the user may be occupied or busy while using the portable electronic device, the number of user steps or user tasks required in order to access information from an electronic device (or to store information into the electronic device) is crucial for producing a commercially successful and useful product. That is, the more difficult it is to access data from an electronic device, the less likely the user will perform those tasks to obtain the information. Likewise, the easier information is to obtain, the more likely the portable electronic device will be used to obtain that information and the more likely the portable electronic device will become a part of the user's everyday activities.

Similarly, the more useful the device, the more the device will be used and acquired. The functionality of mobile wireless devices is undergoing a transition. Mobile devices are evolving from a single application device with a dedicated, specific-purpose communication channel (for example, a cell phone or pager), to more general-purpose devices with more flexible data communication capabilities.

More specifically, wireless technology is advancing, both in the number of options that are available for providing connectivity, and in the flexibility to provide general purpose data communication. Different technologies such as cellular technologies (e.g., CDMA, TDMA), LAN access technologies (e.g., IEEE 802.11, HomeRF) and PAN technologies (e.g., Bluetooth, IR) each address a different set of needs, and provide a different set of potential services. Mobile devices are no longer restricted to a single communication channel. Modular mobile devices allow network interfaces to be attached, allowing for unlimited communications configurations. In addition, Bluetooth technology allows a single mobile device to simultaneously access multiple piconets through a single interface.

To facilitate mobile wireless communication, several wireless modem peripheral devices are available that can be directly connected to the serial interface port of a host computer system, thereby providing wireless communication to the internet. Wireless communication between two stations via the internet requires security for the users as well as protection of any data being exchanged. More specifically, user identification and verification of authorization to access given data are both important considerations. Equally important is user protection from a replay attack, whereby intercepted identification/access data is used by an attacker to gain unauthorized access to an account.

In the prior art, one method for protecting against unauthorized use of a computer system or against unauthorized access to information stored in a computer system is to use a password. However, passwords are considered by many users to be vexing and inconvenient. Passwords can lock out even an authorized user, and experience shows that passwords can be defeated by unauthorized users. In addition, while a password may prevent access to applications and information already existing on the palmtop, it will generally not prevent an unauthorized user from adding new applications and information. Thus, an unauthorized user can simply assume ownership of the palmtop and ignore the password-protected information.

In the prior art, user security is often provided by the assignment of a unique user identification number (ID) such as the manufacturer's serial number (MAN) of the PDA being used. Such is the case with the Mobitex Network utilized with Palm PDAs. However, an attacker could intercept such a transaction, modify the MAN number and access a different web clipping proxy server (WCP) in order to replay the intercepted message, thereby defeating the intended user security. For other TCP/IP based wireless networks (GSM, CDPD, etc.), or wire-line networks, a MAN number may not exist and the request from a single PDA source may even be directed to other WCP servers.

A sequence number is used to thwart replay attacks for secure transactions in the prior art. Sequence numbers are stored in a given WCP server for each secure transaction. This implementation assumes that the request from one PDA will always go to the same WCP server. However, this assumption may not be valid for TCP/IP based wireless or wire-line networks because the dispatcher will not be load balanced. In such cases, the load balance could be a round robin among available servers, and the storage of a sequence number in a particular server for security purposes will then result in communication failure. Actually, the assumption may be broken even in the case of multiple meta-cluster Mobitex servers, which would likewise result in failure to communicate.

SUMMARY OF THE INVENTION

Accordingly, what is needed is a more generally applicable method or system that offers increased security during secure data transactions. What is also needed is a method or system that will not only increase security but will also prevent unauthorized access to a data transaction by means of intercepted data. In addition, what is needed is a method or system that will function properly without requiring a device to communicate exclusively with a given server or central system.

A method and system for preventing replay attacks on secure data transactions is described. A replay attack occurs when an unauthorized user intercepts a secure data transaction between a device and a central system and uses the intercepted data to gain access to the central system. One method for preventing such replay attacks is the use of a unique session identification number that is generated for each secure data transaction request. A replay attack using intercepted data is defeated since the unique session identification number is valid only for a completed session and may not be reused. When a device is connected to a server using either a wireless or a land-line connection, the device requests a session identification number from the server. The server generates and signals to the device a unique session identification number, which the device then transmits back to the server along with a request for a secure data transaction. Upon verification of the correct unique session identification number, the server implements the requested data transaction. Termination of the requested transaction by the device signals the termination of the current secure data transaction. A new unique session identification number must be requested and issued in like fashion for any additional secure data transactions. The method and system offer the advantage of use with multiple available servers, in contrast to present methods which require that a device communicate with a given server. Further, the present method offers reduced operation time since there is a single coupling/uncoupling for each data transaction.

In one embodiment, a device communicates with a server or system which is the World Wide Web site residing on a server computer system in a computer system network (e.g. the internet). The proxy server receives a signal from the device requesting a unique session identification number in preparation for a secure data transaction. The server generates and communicates a unique session identification number to the device. The device then returns a signal to the server which includes the unique identification number along with the request for a secure data transaction. The server compares the returned unique session identification number with the original and, provided the comparison is satisfactory, the requested secure data transaction is implemented. Upon completion of the requested secure data transaction, the session is terminated by the device.

In one embodiment, the device communicating with a server or system is a portable device such as a palmtop computer system or PDA. The portable device transmits a signal to a server or system requesting a session identification number in preparation for a secure data transaction. In response to this request, the portable device receives a unique session identification number generated by the server or system. The portable device then transmits a signal to the server or system requesting a secure data transaction, which signal includes the unique session identification number. Provided the returned unique session identification number matches the original generated by the server, the portable device is permitted to complete the requested secure data transaction. Upon completion of the secure data transaction, the portable device decouples communicatively from the server or system, which signals termination of the current secure data transaction.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A is a block diagram of an exemplary network environment including a portable computer system in accordance with one embodiment of the present invention.

FIGS. 1B, 1C, 1D, 1E and 1F are block diagrams showing various embodiments for coupling a portable computer system to other computer systems and to the internet in accordance with the present invention.

FIG. 2 is a top side perspective view of a portable computer system in accordance with one embodiment of the present invention.

FIG. 3 is a bottom side perspective view of the portable computer system of FIG. 2.

FIG. 4 is a block diagram of one embodiment of a portable computer system in accordance with the present invention.

FIG. 5 is a perspective view of the cradle device for connecting the portable computer system to other systems via a communication interface in accordance with one embodiment of the present invention.

FIG. 6 is a block diagram of one embodiment of a server, desktop or laptop computer system in accordance with the present invention.

FIG. 7 is a flowchart showing the steps in a process for preventing replay attacks on secure data transactions in accordance with one embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

In the following detailed description of the present invention, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be recognized by one skilled in the art that the present invention may be practiced without these specific details or with equivalents thereof. In other instances, well known methods, procedures, components, and circuits have not been described in detail so as not to unnecessarily obscure aspects of the present invention.

NOTATION AND NOMENCLATURE

Some portions of the detailed descriptions which follow are presented in terms of procedures, steps, logic blocks, processing, and other symbolic representations of operations on data bits that can be performed on computer memory. These descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. A procedure, computer executed step, logic block, process, etc., is here, and generally, conceived to be a self-consistent sequence of steps or instructions leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated in a computer system. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like.

It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the following discussions, it is appreciated that throughout the present invention, discussions utilizing terms such as “determining” or “indicating” or “indexing” or “receiving” or “performing” or “initiating” or “sending” or “implementing” or “disabling” or “enabling” or “displaying” or the like, refer to the action and processes of a computer system or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.

The present invention is discussed primarily in the context of a portable computer system, such as a palmtop or personal digital assistant, with the capability to access via the Internet a World Wide Web (“Web”) site residing on a server computer system. However, it is appreciated that the present invention can be used with other types of devices that have the capability to access some type of central device or central site, including but not limited to laptop computer systems.

Exemplary Palmtop Platform

FIG. 1A is a block diagram of an exemplary network environment 50 including a portable computer system 100 in accordance with one embodiment of the present invention. Portable computer system 100 is also known as a palmtop or palm-sized computer system or as a personal digital assistant (PDA). In one embodiment, portable computer system 100 has the ability to transmit and receive data and information over a wireless communication interface (e.g., a radio interface). In one embodiment, the wireless communication interface is integrated into portable computer system 100; in another embodiment, the wireless communication interface is accomplished with a wireless modem attachment (not shown).

In the present embodiment, base station 32 is both a transmitter and receiver base station, which can be implemented by coupling it into an existing public telephone network 34. Implemented in this manner, base station 32 enables portable computer system 100 to communicate with a proxy server computer system 36, which is coupled by wire to the existing public telephone network 34. Furthermore, proxy server computer system 36 is coupled to the Internet 52, thereby enabling portable computer system 100 to communicate with the Internet 52. Coupled with Internet 52 are multiple servers exemplified by server 30. Residing on server 30 is a Web site 40. When communicating with a Web site over Internet 52, protocols such as CTP (Compact Transport Protocol) and CML (Compact Markup Language) can be used by portable computer system 100 in the present embodiment.

It should be appreciated that within the present embodiment, one of the functions of proxy server 36 is to perform operations over the Internet 52 on behalf of portable computer system 100. For example, proxy server 36 has a particular Internet address and acts as a proxy device for portable computer system 100 over the Internet 52.

It should be further appreciated that other embodiments of a communications network, planned or envisioned, may be utilized in accordance with the present invention. For example, a wireless connection may be made from portable computer system 100 directly to the Internet 52.

The data and information which are communicated between base station 32 and portable computer system 100 are the same type of information and data that can conventionally be transferred and received over a public telephone wire network system. However, a wireless communication interface is utilized to communicate data and information between portable computer system 100 and base station 32. It should be appreciated that one embodiment of a wireless communication system in accordance with the present invention is the Mobitex wireless communication system.

FIGS. 1B, 1C, 1D, 1E and 1F are block diagrams showing various embodiments of a system 51 for coupling a portable computer system 100 to other computer systems and to the Internet 52 in accordance with the present invention. System 51 is described in the context of wired connections between its various devices and components; however, it is appreciated that wireless connections (such as but not limited to Bluetooth wireless connections) can also be used.

With reference first to FIG. 1B, system 51 comprises a host computer system 56 which can either be a desktop unit as shown, or, alternatively, can be a laptop system 58. Optionally, one or more host computer systems can be used within system 51. Host computer systems 58 and 56 are shown connected to a communication bus 54 such as an Ethernet Local Area Network (LAN), but which can instead be any of a number of other types. Bus 54 can provide communication with the Internet 52 using a number of well-known protocols. Coupled with Internet 52 are multiple servers exemplified by server 30. Residing on server 30 is a Web site 40.

Importantly, in the present embodiment, host computer system 56 is also coupled via connector cable 68 to a cradle 60 for receiving and initiating communication with portable computer system 100 (“handheld computer”) of the present invention. Connector cable 66 can be a serial bus (e.g., RS232), a parallel bus, a Universal Serial Bus (USB), or any other type of workable connection. Cradle 60 provides an electrical and mechanical communication interface between connector cable 68 and portable computer system 100 for two-way communications with host computer system 56. Portable computer system 100 also contains a wireless infrared communication mechanism 64 for sending and receiving information from other devices.

With reference next to FIG. 1C, in this embodiment, laptop system 58 is coupled via connector cable 68 to cradle 60. As described above, connector cable 68 can be a serial bus (e.g., RS232), a parallel bus, a USB, or any other type of workable connection for enabling two-way communication between portable computer system 100 and laptop system 58.

FIG. 1D shows another embodiment of system 51 in accordance with the present invention. In this embodiment, host computer system 56 is coupled via connector cable 68 to cradle 60. Host computer system 56 is also coupled to a modem 76 via another connector cable 78. Connector cable 78 can be a serial bus, a parallel bus, a USB, or any other type of workable connection that can be used for allowing two-way communication between host computer system 56 and the internet 52. In this embodiment, connector cable 78 is coupled with a wire line 74 to a central office (or cable office, etc.) 81 via modem 76. Modem 76 can be internal to or external to host computer system 56. Modem 76 can be an analog modem, a cable modem, an ADSL (Asymmetric Digital Subscriber Line) modem, or any other such device. Central office 81 in turn is communicatively coupled to the Internet 52 via some type of well-known communication line 84.

FIG. 1E shows another embodiment of system 51 in accordance with the present invention. In this embodiment, laptop system 58 is coupled via connector cable 68 to cradle 60. Laptop system 58 is also coupled to modem 76 via connector cable 78. In this embodiment, connector cable 78 is coupled with wire line 74 to central office 81 via modem 76. Central office 81 in turn is communicatively coupled to the Internet 52 via communication line 84.

FIG. 1F shows another embodiment of system 51 in accordance with the present invention. In this embodiment, portable computer system 100 is coupled with wire line 74 via a modem 82. In one embodiment, portable computer system 100 is a Palm V or other such PDA, and modem 82 is a Palm V modem or PDA modem. Wire line 74 is communicatively coupled to central office 81, which in turn is communicatively coupled to the Internet 52 via communication line 84.

With reference to FIGS. 1A through 1F, it is appreciated that portable computer system 100 can be used in a network environment combining elements of networks 50 and 51. That is, as will be seen below, portable computer system 100 can include both a wireless infrared communication mechanism and a signal (e.g., radio) receiver/transmitter device.

FIG. 2 is a perspective illustration of the top face 100 a of one embodiment of the palmtop computer system 100 of the present invention. The top face 100 a contains a display screen 105 surrounded by a bezel or cover. A removable stylus 80 is also shown. The display screen 105 is a touch screen able to register contact between the screen and the tip of the stylus 80. The stylus 80 can be of any material to make contact with the screen 105. The top face 100 a also contains one or more dedicated and/or programmable buttons 75 for selecting information and causing the computer system to implement functions. The on/off button 95 is also shown.

FIG. 2 also illustrates a handwriting recognition pad or “digitizer” containing two regions 106 a and 106 b. Region 106 a is for the drawing of alphabetic characters therein (and not for numeric characters) for automatic recognition, and region 106 b is for the drawing of numeric characters therein (and not for alphabetic characters) for automatic recognition. The stylus 80 is used for stroking a character within one of the regions 106 a and 106 b. The stroke information is then fed to an internal processor for automatic character recognition. Once characters are recognized, they are typically displayed on the screen 105 for verification and/or modification.

FIG. 3 illustrates the bottom side 100 b of one embodiment of the palmtop computer system that can be used in accordance with various embodiments of the present invention. An extendible antenna 85 is shown, and also a battery storage compartment door 90 is shown. A communication interface 180 is also shown. In one embodiment of the present invention, the communication interface 180 is a serial communication port, but could also alternatively be of any of a number of well-known communication standards and protocols, e.g., parallel, SCSI (small computer system interface), Firewire (IEEE 1394), Ethernet, etc.

FIG. 4 illustrates circuitry of computer system 100. Computer system 100 includes an address/data bus 110 for communicating information, a central processor 101 coupled with the bus for processing information and instructions, a volatile memory 102 (e.g., random access memory, RAM) coupled with the bus 110 for storing information and instructions for the central processor 101 and a non-volatile memory 103 (e.g., read only memory, ROM) coupled with the bus 110 for storing static information and instructions for the processor 101. Computer system 100 also includes an optional data storage device 104 (e.g., memory stick) coupled with the bus 110 for storing information and instructions. Device 104 can be removable. As described above, computer system 100 also contains a display device 105 coupled to the bus 110 for displaying information to the computer user. PC board 225 can contain the processor 101, the bus 110, the ROM 103 and the RAM 102.

With reference still to FIG. 4, computer system 100 also includes a signal transmitter/receiver device 108, which is coupled to bus 110 for providing a physical communication link between computer system 100 and a network environment (e.g., network environments 50 and 51 of FIGS. 1A through 1F). As such, signal transmitter/receiver device 108 enables central processor unit 101 to communicate wirelessly with other electronic systems coupled to the network. It should be appreciated that within the present embodiment, signal transmitter/receiver device 108 is coupled to antenna 85 (FIG. 4) and provides the functionality to transmit and receive information over a wireless communication interface. It should be further appreciated that the present embodiment of signal transmitter/receiver device 108 is well suited to be implemented in a wide variety of ways. For example, signal transmitter/receiver device 108 could be implemented as a modem.

In one embodiment, computer system 100 includes a communication circuit 109 coupled to bus 110. Communication circuit 109 includes an optional digital signal processor (DSP) 120 for processing data to be transmitted or data that are received via signal transmitter/receiver device 108. Alternatively, processor 101 can perform some or all of the functions performed by DSP 120.

Also included in computer system 100 of FIG. 4 is an optional alphanumeric input device 106 that in one implementation is a handwriting recognition pad (“digitizer”) having regions 106 a and 106 b (FIG. 2), for instance. Alphanumeric input device 106 can communicate information and command selections to processor 101. Computer system 100 also includes an optional cursor control or directing device (on-screen cursor control 107) coupled to bus 110 for communicating user input information and command selections to processor 101. In one implementation, on-screen cursor control device 107 is a touch screen device incorporated with display device 105. On-screen cursor control device 107 is capable of registering a position on display device 105 where the stylus makes contact. The display device 105 utilized with computer system 100 may be a liquid crystal display device, a cathode ray tube (CRT), a field emission display device (also called a flat panel CRT) or other display device suitable for generating graphic images and alphanumeric characters recognizable to the user. In the preferred embodiment, display device 105 is a flat panel display.

FIG. 5 is a perspective illustration of one embodiment of the cradle 60 for receiving the palmtop computer system 100. Cradle 60 contains a mechanical and electrical interface 260 for interfacing with communication interface 108 (FIG. 3) of computer system 100 when system 100 is slid into the cradle 60 in an upright position. Once inserted, button 270 can be pressed to initiate two-way communication (e.g., a communication session) between computer system 100 and other computer systems coupled to serial communication 265.

Exemplary Desktop/Laptop/Server Platform

Refer now to FIG. 6, which illustrates an exemplary computer system 342 with which embodiments of the present invention may be practiced. Computer system 342 exemplifies desktop computer system 56 or laptop computer system 58 of FIG. 1B. Computer system 342 also exemplifies a server computer system in a computer system network (such as server 30 in FIGS. 1A through 1F) or a proxy server computer (e.g., proxy server 36 of FIG. 1A).

Continuing with reference to FIG. 6, in general, computer system 342 comprises bus 700 for communicating information, processor 701 coupled with bus 700 for processing information and instructions, random access (volatile) memory (RAM) 702 coupled with bus 700 for storing information and instructions for processor 701, read-only (non-volatile) memory (ROM) 703 coupled with bus 700 for storing static information and instructions for processor 701, data storage device 704 such as a magnetic or optical disk and disk drive coupled with bus 700 for storing information and instructions, an optional user output device such as display device 705 coupled to bus 700 for displaying information to the computer user, an optional user input device such as alphanumeric input device 706 including alphanumeric and function keys coupled to bus 700 for communicating information and command selections to processor 701, and an optional user input device such as cursor control device 707 coupled to bus 100 for communicating user input information and command selections to processor 701. Furthermore, an optional input/output (I/O) device 708 is used to couple computer system 342 to, for example, a communication bus (e.g., communication bus 54 of FIG. 1B).

Continuing with reference to FIG. 6, display device 705 utilized with computer system 342 may be a liquid crystal device, cathode ray tube, or other display device suitable for creating graphic images and alphanumeric characters recognizable to the user. Cursor control device 707 allows the computer user to dynamically signal the two-dimensional movement of a visible symbol (pointer) on a display screen of display device 705. Many implementations of the cursor control device are known in the art, including a trackball, mouse, joystick or special keys on alphanumeric input device 706 capable of signaling movement of a given direction or manner of displacement. It is to be appreciated that the cursor control 707 also may be directed and/or activated via input from the keyboard using special keys and key sequence commands. Alternatively, the cursor may be directed and/or activated via input from a number of specially adapted cursor directing devices.

FIG. 7 is a flowchart showing the steps in a protocol 800 for preventing unauthorized access to a secure data transaction between a device (e.g. portable computer system 100 of FIGS. 1A through 1F) and a system or server (e.g. 36 of FIG. 1A) by utilizing a unique session identification number for each data transaction in one embodiment of the present invention.

In step 810 of FIG. 7, in the present embodiment, the owner or an authorized user of portable computer system 100 (the client) establishes communication with a web clipping proxy (WCP) server, 36 of FIG. 1A. The WCP server communicates via the internet, 52 of FIG. 1A, with a web site, 40 of FIG. 1A, on the World Wide Web network. Web site 40 typically resides on a server computer system (e.g. a “central device”) as exemplified by server 30 of FIGS. 1A through 1F. In one embodiment, the portable computer system 100 communicating with the WCP server 36 is a portable device such as a palmtop computer system or PDA.

With reference still to FIG. 7, the client 100 desires an exchange of information with web site 40, and in step 820 transmits a signal to the WCP server 36 requesting a session identification number in preparation for a secure data transaction.

In step 830, the WCP server 36 generates a session identification number in response to the client request made in step 820. The generated session identification number is singular in form and will only be generated one time for the requesting client. It is to be appreciated that the WCP server 36 has the capacity to recognize the requesting client 100, correlate the generated session identification number with the requesting client 100, and prevent any future generation of the same session identification number for the same client 100. The generated session identification number is then communicated by the WCP server 36 to the client 100 where it is stored in preparation for a secure data transaction request.

Continuing with step 840 of FIG. 7, the client 100 formulates a request for a secure data transaction which includes the session identification number, and transmits the formulated request to the WCP server 36.

In step 850, the WCP server 36 receives the formulated secure data transaction request from the client 100. The session identification number included with the request is compared by the WCP server 36 with the original session identification number generated by the WCP server 36.

If the comparison does not result in an exact match, the current request for a secure data transaction is denied in step 860. It is understood that if no response is received by the client 100 from the WCP server 36, the current request for a secure data transaction is denied. Alternatively, the WCP server 36 could be configured to transmit a signal to the client 100 that the current request is denied.

If the comparison in step 850 results in an exact match, the current request for a secure data transaction is accepted. In step 870, the current requested secure data transaction is implemented by the WCP server 36. In one embodiment, the current requested secure data transaction could be a transfer of data between the client 100 and a web site 40 of FIG. 1A via the internet 52 of FIG. 1A.

The termination of the current secure data transaction as signaled by either the client 100 or the web site 40 in FIG. 1A is a signal to the WCP server 36 to terminate the current implementation in step 880. The WCP server discontinues the communication between the client 100 and the web site 40, and the client 100 is returned to step 810. The client 100 may then request another secure data transaction, whereby a new session identification number is required and the above process must be repeated. Alternately, the client 100 may either continue or discontinue communication with the WCP server 36.
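The issue, compare and retire cycle of steps 820 through 880 is easiest to see in code. The following Python is an added example written for this page, not an implementation from the patent or its assignee: the server issues one unpredictable session identification number per request (step 830), accepts it for exactly one transaction (steps 850 through 870), retires it when the transaction ends (step 880), and therefore rejects a captured copy of the request. The class and function names (`WcpServer`, `replay_demo`), the client identity `pda-0001` and the request strings are constructed; the choice to replace an unused id when the same client asks for another one is an assumption the patent does not address.

```python
import hmac
import secrets


class WcpServer:
    """Server side of protocol 800: one session id per request, accepted
    exactly once, then retired. Hypothetical class written for this page."""

    def __init__(self):
        # client_id -> session id issued in step 830 and not yet used
        self._pending = {}
        # every id ever issued, so the same value is never generated again
        # (step 830). Assumption: grows without bound here; a deployment
        # would need expiry or persistent storage.
        self._retired = set()

    def issue_session_id(self, client_id):
        """Step 830: generate a fresh, unpredictable id bound to the client."""
        while True:
            sid = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
            if sid not in self._retired:
                break
        self._retired.add(sid)
        # Assumption: a new request replaces any id the client never used.
        self._pending[client_id] = sid
        return sid

    def handle_transaction(self, client_id, session_id, request):
        """Steps 850-880: compare the submitted id, deny or implement,
        then retire the id so a second use is refused."""
        expected = self._pending.get(client_id)
        # Step 850/860: nothing pending, or not an exact match -> deny.
        # None models the "no response" denial described for step 860.
        if expected is None or not hmac.compare_digest(
            expected.encode(), str(session_id).encode()
        ):
            return None
        # Step 880: this id is consumed by its single coupling.
        del self._pending[client_id]
        # Step 870: the transaction itself is out of scope; report acceptance.
        return {"client": client_id, "request": request, "status": "implemented"}


def replay_demo():
    """Walk the flowchart once, then re-send the captured request."""
    server = WcpServer()
    client = "pda-0001"  # constructed client identity
    page = "web clipping: account page"  # constructed request

    sid = server.issue_session_id(client)                    # steps 820/830
    first = server.handle_transaction(client, sid, page)     # steps 840-870
    replayed = server.handle_transaction(client, sid, page)  # captured copy, after 880
    other = server.handle_transaction("pda-0002", sid, page) # id bound to another client

    sid2 = server.issue_session_id(client)                   # back to 810/820
    second = server.handle_transaction(client, sid2, "web clipping: inbox")

    stale = server.issue_session_id(client)   # issued but never used ...
    server.issue_session_id(client)           # ... and superseded by a newer one
    stale_result = server.handle_transaction(client, stale, "web clipping: inbox")

    return {
        "first": first,
        "replayed": replayed,
        "other_client": other,
        "second": second,
        "stale": stale_result,
        "ids_distinct": sid != sid2,
    }


if __name__ == "__main__":
    for name, value in replay_demo().items():
        print(f"{name}: {value}")
```

Two points the flowchart leaves implicit are made explicit here: the id comes from a cryptographic random source, so a third party who observes one id cannot predict the next, and the comparison in step 850 uses a constant-time check so that timing does not leak how much of a guessed id matched. Everything after the first accepted transaction (the replayed copy, the same id presented by a different client, and an id superseded before use) is denied.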

Thus the present invention provides a method and system that will prevent an unauthorized user from gaining access to a secure data transaction by utilizing intercepted data in a replay attack. Further, the present invention provides a method and system that overcomes the requirement of prior systems that a client 100 always communicate with the same WCP server 36. That is, the present method and system may be implemented between any client 100 and WCP server 36, which is an advantage in larger networks having distributed servers where load balancing might be a problem.

The preferred embodiment of the present invention, a protocol to prevent replay attacks on secured wireless transactions, is thus described. While the present invention has been described in particular embodiments, it should be appreciated that the present invention should not be construed as limited by such embodiments, but rather construed according to the below claims.

What is claimed is:
 1. A method for preventing replay attacks on secure data transactions, said method comprising the steps of: a) establishing a communicative coupling with an authorized device; b) receiving a signal from said device requesting a session identification number; c) generating said session identification number and communicating said session identification number to said device; d) receiving a signal from said device, wherein said signal comprises a request for said secure data transaction and includes said session identification number, and e) coupling said device communicatively to implement said secure data transaction provided said request is authorized based on said session identification number.
 2. The method as recited in claim 1 wherein said step e) comprises the step of: e1) ensuring that only one said coupling is authorized for each given said session identification number.
 3. The method as recited in claim 1 wherein said method is implemented using a server computer system communicatively coupled to said device via the World Wide Web.
 4. The method as recited in claim 1 wherein said device is a palmtop computer system.
 5. The method as recited in claim 1 wherein said step e) comprises the step of: e1) encrypting data using certicom.
 6. The method as recited in claim 1 wherein termination of said communicative coupling by said device indicates termination of said request.
 7. The method as recited in claim 1 wherein said method is implemented using a server computer system communicatively coupled to said device via Mobitex based network.
 8. The method as recited in claim 1 wherein said method is implemented using a server computer system communicatively coupled to said device via TCP/IP based network.
 9. In a portable device, a method for preventing replay attacks on secure data transactions, said method comprising the steps of: a) sending a signal to a central device requesting a session identification number; b) receiving in response a session identification number; c) sending a signal to said central device requesting a secure data transaction, said signal including said session identification number, and d) implementing an operating mode wherein said portable device is communicatively coupled for said secure data transaction, based on a positive confirmation of said session identification number.
 10. The method as recited in claim 9 wherein said step d) comprises the step of: d1) ensuring that only one said coupling is authorized for each given said session identification number.
 11. The method as recited in claim 9 wherein said portable device is a palmtop computer system.
 12. The method as recited in claim 9 wherein said central device is a server computer system communicatively coupled to said portable device via the World Wide Web.
 13. The method as recited in claim 9 wherein said step d) comprises the step of: d2) encrypting data using certicom.
 14. The method as recited in claim 9 wherein termination of said communicative coupling by said portable device indicates termination of said request.
 15. The method as recited in claim 9 wherein said method is implemented using a server computer system communicatively coupled to said portable device via Mobitex based network.
 16. The method as recited in claim 9 wherein said method is implemented using a server computer system communicatively coupled to said portable device via TCP/IP based network.
 17. A system for preventing replay attacks on secure data transactions, said system comprising: a central device having a database comprising registration information for a device, said device communicatively coupled to said central device; wherein upon use of said device, said device is operable to send to said central device a signal requesting a unique session identification number for a single secure data transaction, and wherein said central device in response is operable to signal to said device said unique session identification number, and wherein said single secure data transaction is enabled by said central device upon receiving a signal from said device requesting a said secure data transaction, provided said request includes said unique session identification number.
 18. The system of claim 17 wherein said device is a palmtop computer system.
 19. The system of claim 17 wherein said central device is a server computer system communicatively coupled to said device via the World Wide Web.
 20. The system of claim 17 wherein said unique session identification number is distinct for each said secure data transaction request.